CVE-2022-24348

HIGH

Argo CD <2.1.9 & <2.2.4 - Path Traversal

Title source: llm

Description

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.

Exploits (1)

nomisec WORKING POC

by DeveloperOl · poc

https://github.com/DeveloperOl/CVE-2022-24348-2

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/

[Exploit, Third Party Advisory] https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7

Scores

CVSS v3 7.7

EPSS 0.0340

EPSS Percentile 87.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

argoproj/argo-cd 0 - 2.1.9 (2 CPE variants)Go

argoproj/argo_cd < 2.1.9

Published Feb 04, 2022

Tracked Since Feb 18, 2026